Our thinking

February 28, 2018

Get PowerShell remoting working on macOS without installing Homebrew

The PowerShell Team at Microsoft have put in a lot of work to port PowerShell to other (non-Windows) systems. As part of their porting efforts, they’ve also ported OpenSSH over to Windows, but that’s not what this post is about.

I manage a number of client tenancies hosted on Microsoft Office 365. While the web based admin console is continually being improved, occasionally I come across a task that I need to perform and the only way to do it is via PowerShell.

The team writing PowerShell are not long-time Mac experts (by their own admission) and one of the decisions they made early on in the development process was to use the Homebrew package manager instead of, say, MacPorts. The PowerShell software needs to use OpenSSH libraries to communicate with remote hosts (e.g. Office 365) and there are some hardcoded library paths in the software that reference the OpenSSH libraries installed by Homebrew.

While Homebrew is very popular, I will not use it on any systems that I manage because it changes the ownership of core system folders. This, IMHO, is not The Right Way™ to do things. Further, Homebrew explicitly does not support being run as root (e.g. via sudo) so you can’t fix the permissions and have Homebrew still work.

MacPorts is more of a traditional package manager – it doesn’t change system permissions and you need to be root to use it to install software on your system.

Fortunately, you can symlink the OpenSSH library location from MacPorts to where Homebrew puts it, and then PowerShell is quite happy to use it.

I don’t like to use Homebrew, mainly for legacy reasons now, and instead use MacPorts. These commands are needed to symlink the OpenSSL libraries from MacPorts to where Homebrew puts them as some PowerShell modules have this path hard-coded into them.

Great instructions! I’m using Catalina and had trouble with OpenSSL version, so posting here in case it helps someone else.
Powershell error was “This parameter set requires WSMan, and no supported WSMan client library was found.”
Downgrading OpenSSL from v1.1 to v1.0 worked for me.